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Information security is the protection of information and objects of the information 
communication system from accidental and organized influences of a natural or artificial nature 
that harm information users and many Information Systems. 

The Republic of Uzbekistan (12.12.2002.N439-11) the “code of principles and guarantees 
of freedom of information " provides the following concepts: 

information-sources and information in the circle of persons,objects, facts, events, events 
and ravines, regardless of the form of submission; 

information owner - a legal or natural person who owns, uses, and disposes of information 
received by his or her mablage or other legal way; 

information protection-measures to prevent threats to information security and eliminate 
their consequences; 
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information resources-in aloiida iujjats, in aloiida collections of iujjats, in Information 
Systems. collections of documents and documents (in libraries, archives,foundations, data banks 
and other information systems) ; 

security in the information sphere-the state of protection of the interests of the individual, 
society and the state in the information sphere; 

From the point of view of information security, information can be categorized as follows: 

1. confidentiality is a guarantee that a specific information can only be accessed within the 
scope of the relevant persons, that is, its use is limited and documented in accordance with legal 
documents. Violation of this clause is called theft or disclosure of information; 

2. confidentiality (Latin confedihta-trust) - essentiality,impossibility of distribution, 
guarantee of confidentiality; 

3. integrity-a guarantee that information is in its initial form, that is, no unauthorized 
changes have been made in its storage and transmission; violation of this clause is called 
information falsification; 

4. authentication (Greek - real) - a guarantee that a person declared to be the owner of an 
information Reserve is indeed the owner of the information; violation of this clause is called 
falsification of the author of the message; 

5. appeal is a sufficiently complex category, but widely used in electronic business. A 
guarantee that it is possible to prove who is the author of the message when necessary. 

By methods of ensuring information security: 

Threats to information security can take many forms. The most serious threats for 2018 
were” crimes in the way of Service " (), threats related to the complexity of Internet products, 
supply chains and regulatory requirements. "Crimes in the way of Service" is an example for large 
criminal communities to provide a package of criminal services on the darknet market at low cost 
to emerging cybercriminals. 

This makes it possible to carry out hacking attacks that were not previously achieved due 
to high technical complexity or high cost. This makes cybercrime a public phenomenon. Many 
organizations are actively implementing Internet products. Since these devices are often designed 
without security requirements, they provide additional opportunities for cyberattacks. 

In addition, the rapid development and complication of internet services reduces its 
transparency, which, together with vaguely defined legal provisions and conditions, allows 
organizations to use the personal data of customers collected by devices at their discretion, without 
them knowing. In addition, it is a difficult matter for organizations themselves to monitor which of 
the data collected by IoT devices is transmitted outside. The threat to supply chains is that 
organizations exchange a variety of valuable and sensitive information with their suppliers, 
resulting in the loss of direct control over them. Thus, the risk of violating the confidentiality, 
integrity or availability of this information increases significantly. 

° Today, increasingly new requirements of regulators significantly complicate the 
management of vital information assets of organizations. For example, the General Data Protection 
Regulation (GDPR), adopted in the European Union in 2018, requires any organization to show at 
any time the content of personal data placed in any part of its activities or supply chain, the 
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methods of processing them, the order of preservation and protection and for what purposes it 
serves. 

° In addition, this information should be provided not only during verification by the 
competent authorities, but also at the first request of the owner of this information. Compliance 
with such compliance requires the exclusion of important budgetary funds and resources from other 
information security tasks of the organization. Although simplifying the processing of personal data 
implies an improvement in information security in the long term, in the short term, the risks of the 
organization increase significantly . 

° Most people in one way or another are exposed to information security threats. For 
example, they are victims of malware (viruses and computer worms, Trojan horse(computer virus), 
and fraud programs), phishing, or identity theft. Phishing (English: Phishing) is a fraudulent act 
aimed at obtaining confidential information (such as account, password, or credit card information). 


° Typically, they refer to an internet user as a member of any organization (bank, internet-do 
HYPERLINK "https://uz.wikipedia.org/w/index.php?title=Internet- 
do%CA%BBkon&action=edit&redlink=1 ie HYPERLINK 


‘https://uz.wikipedia.org/w/index.php?title=Internet-do%CA%BBkon&action=edit&redlink=1" 
mining, social networking, etc.k.) try to lure them into a fake website that cannot be distinguished 
from their original website. 
° As a tule, such attempts are made by mass sending fake emails containing links to fake 
websites on behalf of the organization. The user becomes the prey of scammers by opening such a 
link in the browser and entering their account information. In 1964 [18] a template:Tr was 
introduced into English, using someone's personal information (such as a name, bank account, or 
credit card number, often obtained by phishing) to commit fraud and other crimes. 
° A person who receives illegal financial benefits, loans or other crimes on behalf of 
criminals often becomes the accused himself, and this can lead to serious financial and legal 
consequences for him. Information security directly affects privacy, and the condition can be 
described differently in different cultures. 
° Governments, the military, corporations, financial institutions, medical institutions and 
private enterprises constantly collect a large amount of confidential information about their 
employees, customers, products, research and financial results. 

¢ If such information falls into the hands of competitors or cybercriminals, it can lead to 
comprehensive legal consequences for the organization and its customers, irreparable financial and 
sad losses. From a business point of view, information security must be balanced with respect to 
costs. The Gordon-Lob [en] economic model describes the mathematical apparatus for solving this 
problem. According to him, the main methods of combating information security threats or 
information risks include: 

* reduction-implementation of security and countermeasures to eliminate vulnerabilities 
and prevent threats; 

* transfer-transfer of costs associated with the implementation of threats to third parties: 
insurance or outsourcing companies; 
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* acceptance-formation of financial reserves in the event that the costs of implementing 
security measures exceed the possible harm from the implementation of the threat; 

* abstinence-abstinence from excessively dangerous activities. 

By the threat to information security and its types: 

Information security-protection against accidental and deliberate attacks. Information 
security is a multifaceted field of activity, and only a systematic and comprehensive approach can 
bring success in the law of the Republic of Uzbekistan No. 439-II of December 12, 2002 “on the 
principles and guarantees of freedom of information’provides the following definitions of 
information and its types: 

a) information-sources and information about individuals, objects, facts, events and 
processes, regardless of the form of submission; 

b) information protection-measures to prevent security threats and eliminate their 
consequences; 

c) media — documented information, print, audio, audiovisual and other messages and 
materials intended for persons of unlimited scope; 

d) documented information — information recorded in the material body with the addition 
of requisites of the application, which allows for identification; 

e) confidential information-documented information, the use of which is limited in 
accordance with the legislation. 

This definition is expressed in the resolution of the Cabinet of Ministers of the Republic of 
Uzbekistan dated November 7, 2011, 296, as follows: confidential information is documented 
information that is limited in use in accordance with the legislation of the Republic of Uzbekistan, 
does not contain information belonging to state secrets. 

Confedential information-documented information, the use of which is limited in 
accordance with the legislation. Information about the tevarak universe, an object of storage, 
modification, transmission and use for certain purposes, can be broadly understood as information. 
In this understanding, a person is influenced by a constantly changing information field that affects 
his way of life and actions. Information according to its description is political, military, economic, 
scientific and technical, developed may be release or commercial as well as confidential, 
confedential, or non-confidential. The concept of Information Security, a description of its 
founders. Information security refers to the protection of information and its supporting 
infrastructure from accidental or intentional influences of a natural or artificial nature. Such effects 
can severely damage relationships in the information field, including information owners, 
information users, and infrastructure supporting information protection. 

The law of the Republic of Uzbekistan No. 439-II of December 12, 2002 “on the 
principles and guarantees of freedom of information’defines information security as information 
security and refers to the state of protection of the interests of the individual, society and the state in 
the field of information. In the field of information, the interests of the individual are manifested in 
the implementation of the constitutional rights of citizens to the use of information, in the practice 
of activities not prohibited by law, and in the use of information in physical, spiritual and 
intellectual development, in the protection of information providing personal security. 
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In the information field, the interests of society are reflected in the promotion of the 
interests of the individual in this area, in the strengthening of democracy, in the construction of a 
social legal state, in the support of social harmony. State interests in the information sector are 
expressed in the creation of conditions for the development of National Information Infrastructure, 
in the implementation of constitutional rights and freedoms of individuals and citizens in the field 
of information acquisition, in the use of information, in the strict implementation of law and order 
in order to ensure territorial unity, sovereignty and constitutional order, political, economic and 
social stability of Uzbekistan, 

Information security is a multifaceted field of activity, to which only a systematic, 
integrated approach can bring success. In solving this problem, legal, administrative, procedural 
and software-technical measures are used. Today, there are three main principles that ensure 
information security: — data integrity — protection against violations that lead to information loss, as 
well as the formation or destruction of data without copyright; 

As a conclusion in this article,it should be noted that the main purpose of ensuring 
information security is to protect the confidentiality,integrity and availability of information in a 
balanced way, taking into account the expediency of application and without any harm to the 
activities of the organization. This is achieved primarily through a multi-stage risk management 
process that identifies key tools and intangible assets,threat sources,vulnerabilities, potential 
impacts, and existing risk management capabilities. This process is accompanied by an assessment 
of the effectiveness of the risk management plan. 
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